<!DOCTYPE html>
<html lang="en">
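<head>
    <meta charset="UTF-8">
    <title>CSRF</title>
    {# The icon file is a PNG, so the declared type is image/png rather than image/x-icon. #}
    <link rel="icon" href="{{ url_for('static', filename='images/icon.png') }}" type="image/png">
    {# Inline styles: a Content-Security-Policy for this page would have to permit them
       (nonce, hash or 'unsafe-inline' in style-src), or these rules would move to a static stylesheet. #}
    <style>
        /* Banner title, offset inside the #DIV1 strip. */
        h1 {
            font-size: 30px;
            position: absolute;
            top: 1px;
            left: 200px;
        }

        /* Full-width banner strip at the top of the page. */
        #DIV1 {
            height: 80px;
            background-color: cornflowerblue;
            position: absolute;
            top: 20px;
            left: 2px;
            right: 2px;
        }

        /* Left-hand menu column holding the two link lists. */
        #DIV2 {
            background-color: #f2f2f2;
            width: 260px;
            position: absolute;
            top: 130px;
            left: 200px;
            bottom: 10px;
        }

        /* Content panel that contains the form. */
        #DIV3 {
            background-color: #f2f2f2;
            width: 600px;
            padding: 350px;
            position: absolute;
            top: 130px;
            left: 500px;
        }

    </style>
</head>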
<body>

{# Page banner. The heading text reads "CSRF prevention example". #}
<div id="DIV1">
    <h1>CSRF防范实例</h1>
</div>
{# Side menu with two parallel link lists, one per blueprint: `wrong.*` under "ErrorVersion"
   and `correct.*` under "CorrectVersion". Link texts, in order: XSS, CSRF, HTTP header
   injection, traversal (`_display`), SQL injection, file download (`Path_traversal`),
   file upload, incomplete or missing operation logs, penetration-test findings.
   NOTE(review): judging by the labels, the `wrong` endpoints are presumably the deliberately
   vulnerable variants; confirm, and if so keep this app on an isolated training host only. #}
<div id="DIV2">
    <label>　　ErrorVersion</label>
    <ul>
        <li><a href="{{ url_for('wrong.XSS') }}">跨站脚本(XSS)漏洞</a></li>
        <li><a href="{{ url_for('wrong.CSRF') }}">跨站请求伪造（CSRF）漏洞</a></li>
        <li><a href="{{ url_for('wrong.HTTP_Header') }}">HTTP Header注入漏洞系统</a></li>
        <li><a href="{{ url_for('wrong._display') }}">目标遍历漏洞系统</a></li>
        <li><a href="{{ url_for('wrong.SQL_inject') }}">SQL注入漏洞</a></li>
        <li><a href="{{ url_for('wrong.Path_traversal') }}">文件下载漏洞</a></li>
        <li><a href="{{ url_for('wrong.upload') }}">文件上传漏洞文件</a></li>
        <li><a href="{{ url_for('wrong.oplog') }}">日志不全或无操作日志系统</a></li>
        <li><a href="{{ url_for('wrong.test') }}">渗透测试安全漏洞系统</a></li>
    </ul>
    <label>　　CorrectVersion</label>
    <ul>
        <li><a href="{{ url_for('correct.XSS') }}">跨站脚本(XSS)漏洞</a></li>
        <li><a href="{{ url_for('correct.CSRF') }}">跨站请求伪造（CSRF）漏洞</a></li>
        <li><a href="{{ url_for('correct.HTTP_Header') }}">HTTP Header注入漏洞系统</a></li>
        <li><a href="{{ url_for('correct._display') }}">目标遍历漏洞系统</a></li>
        <li><a href="{{ url_for('correct.SQL_inject') }}">SQL注入漏洞</a></li>
        <li><a href="{{ url_for('correct.Path_traversal') }}">文件下载漏洞</a></li>
        <li><a href="{{ url_for('correct.upload') }}">文件上传漏洞文件</a></li>
        <li><a href="{{ url_for('correct.oplog') }}">日志不全或无操作日志系统</a></li>
        <li><a href="{{ url_for('correct.test') }}">渗透测试安全漏洞系统</a></li>
    </ul>
</div>

{# Form-specific rules. The form is absolutely positioned, so its offsets are measured from
   #DIV3, its nearest positioned ancestor. text/css is the default type for a style element. #}
<style>
    /* Grey form panel, offset 100px from the top-left of its container. */
    form {
        position: absolute;
        top: 100px;
        left: 100px;
        width: 600px;
        padding: 100px;
        background-color: #f2f2f2;
    }

    /* Vertical gap above any button element. */
    button {
        margin-top: 20px;
    }
</style>
{# CSRF-protected form (the "correct" variant). The view that receives this POST is not part
   of this template; rendering the token field protects nothing unless that view validates it
   (with Flask-WTF, via form.validate_on_submit() or a global CSRFProtect) — TODO confirm. #}
<div id="DIV3">
    {# NOTE(review): the action is a hard-coded path, unlike the url_for() links in the side menu;
       confirm it matches the route of the `correct` CSRF view. #}
    <form method="post" action='/CSRFc'>
        {# Hidden anti-CSRF token field. A page on another origin cannot read its value, so a forged
           cross-site POST arrives without a valid token and should be rejected server-side. #}
        {{ form.csrf_token }}
        {{ form.username.label }} {{ form.username }}<br/>
        {{ form.password.label }} {{ form.password }}<br/>
        {{ form.submit }}
        {# Flashed messages are printed through Jinja output; keep autoescaping on and do not mark
           them |safe, because a message may echo submitted input. #}
        {% for message in get_flashed_messages() %}
            {{ message }}
        {% endfor %}
    </form>
</div>

</body>
</html>